Uber awards 4.6 lakh to Indian researcher for discovering Uber bug

Anand explained that the bug was an account-takeover-vulnerability on Uber that allowed attackers to take over any other user’s Uber account, including those of partners and Uber Eats users.

SNS Web | New Delhi | September 16, 2019 2:22 pm

Representational image. (Photo : iStock)

Uber the global ride-hailing giant has recently fixed a software loophole found by Indian cybersecurity researcher Anand Prakash. According to Prakash this bug could allow hackers to log into anyone’s Uber account.

The company has paid Anand $6,500 i.e. about Rs 4.6 lakh as a reward for giving information about this bug. Anand further explained that the bug was an account-takeover-vulnerability on Uber that allowed attackers to take over any other user’s Uber account, including those of partners and Uber Eats users, inc42 reported.

As per media report, the bug was present in the API request function of the Uber app.

However, following the bug report, Uber has fixed the bug immediately through the company’s bug bounty programme. It also said that over $2 million was paid to more than 600 researchers around the world, including Indian researchers.

Earlier Anand had once removed a bug in Uber, by taking advantage of which anyone could travel free for a lifetime in an Uber cab.